We use Azure MFA at one of our clients which synchronizes with AD and pulls mobile numbers from users objects in AD. The user logs in to AnyConnect with the AD user, ISE forwards the username password to Azure MFA which checks the login against AD, Azure MFA then sends an SMS with the OTP and the user types this in.
I am sure there are more providers out there that can do this also, you just need to pick the one that suits your environment and budget.
--
Please remember to select a correct answer and rate helpful posts